Google has removed nine applications from its Play store after researchers showed that they sneakily stole users’ Facebook login credentials.
The apps were hidden under names that sounded like everyday utility tools and apps.
An antivirus service, Dr. Web reported that their malware analysts discovered nine malicious apps in Google Play Store.
These apps reportedly acted as trojan malware and stole users’ Facebook login credentials after providing users the options to disable ads by logging in via their social media accounts.
These apps tricked users by showing an exact replica of Facebook’s login page. The apps instead loaded a JavaScript command that stole their login credentials.
The apps also apparently stole browser cookies from the authorization session. There were a total of malware variants and all of them reportedly used an identical JavaScript code to steal user data. The report also noted that out of the malware variants, three were native Android apps, and two were created using Google’s Flutter SDK.
The nine apps caught stealing users’ Facebook logins and passwords are –
1. PIP Photo (5,000,000+ downloads)
2. Processing Photo (500,000+ downloads)
3. Rubbish Cleaner (100,000+ downloads)
4. Inwell Fitness (100,000+ downloads)
5. Horoscope Daily (100,000+ downloads)
6. App Lock Keep (50,000+ downloads)
7. Lockit Master (5,000+ downloads)
8. Horoscope Pi (1,000 downloads)
9. App Lock manager (10 downloads)
It needs to be mentioned that the PIP Photo app has more than 5.8 million downloads and has five different variants of malware.
The malware variants identified by Dr. Web are –
1. Android.PWS.Facebook.13,
2. Android.PWS.Facebook.14,
3. Android.PWS.Facebook.15,
4. Android.PWS.Facebook.17, and
5. Android.PWS.Facebook.18.
Google also informed that they had also banned the app developers of all of the nine apps from Google Play store.
These would stop these developer accounts from publishing any new apps on the marketplace.